<?php
require_once 'config.php'; 
require_once 'startup.php'; 

// Access control: everything below is for an authenticated admin session only.
// The exit after the redirect is what actually enforces this - header() merely
// queues a Location header, and without exit the password-change logic and the
// page markup would still run for an anonymous request.
if (!$user->isLogged()) {
    header('Location: ' . $config['url_admin'] . 'login.php');
    exit;
}

// View data for the "change password" screen.
$page_title = 'Havhokeren - Administration';
$title      = 'Change password';
$filter     = false;
$item_saved = false; // set to true by the POST handler once the password is updated

// Name of the signed-in user, shown in the page header.
$logged = $user->getUserName();

// Link targets. All admin URLs are derived from $config['url_admin'].
$save       = '#';                  // placeholder href; the click handler submits the form
$edit_user  = 'javascript:void(0);'; // current page, so the menu entry is inert
$cancel     = $subscriber = $config['url_admin'] . 'index.php';
$logout     = $config['url_admin'] . 'logout.php';
$newsletter = $config['url_admin'] . 'newsletter.php';

// Fixed UI labels.
$text_save         = 'Save';
$text_cancel       = 'Cancel';
$text_logout       = 'Logout';
$text_edit_user    = 'Change password';
$text_subscriber   = 'Subscribers';
$text_newsletter   = 'Newsletter';
$text_current_pass = 'Current password';
$text_new_pass     = 'New password';
$text_retype_pass  = 'Retype password';
$text_goback       = 'Click here to go back to subscribers list!';
 
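// Read the three password fields from the POST body, defaulting each to ''.
// Only string values are accepted. A client can submit a field as an array
// (e.g. new_pass[]=x), and passing an array to strlen()/md5() further down
// raises a warning or a TypeError depending on the PHP version. Treating any
// non-string as empty makes such a request fail the length check instead.
$current_pass   = (isset($request->post['current_pass']) && is_string($request->post['current_pass'])) ? $request->post['current_pass'] : '';
$new_pass       = (isset($request->post['new_pass'])     && is_string($request->post['new_pass']))     ? $request->post['new_pass'] : '';
$retype_pass    = (isset($request->post['retype_pass'])  && is_string($request->post['retype_pass']))  ? $request->post['retype_pass'] : '';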
    
// Drop any pre-existing $success so the success banner in the markup below can
// only be the result of this request's handling.
unset($success);

// Password change: validated in order - field length, current password, then
// new/retype agreement. The first failing check sets $error and nothing is written.
if ($request->server['REQUEST_METHOD'] == 'POST') {
    if (strlen($current_pass) <= 2 || strlen($new_pass) <= 2 || strlen($retype_pass) <= 2) {
        // strlen() counts bytes, so the effective rule is "at least 3 bytes" per field.
        // NOTE(review): a 3-character minimum is a very weak policy for an admin
        // account; consider a longer minimum.
        $error = 'Password must contain at least 3 characters.';
    } elseif (!$user->isPassword($current_pass)) {
        // Re-checking the current password means a valid session alone is not
        // enough to change the credential.
        $error = 'Invalid current password';
    } elseif ($new_pass !== $retype_pass) {
        $error = 'Password does not match';
    } else {
        $user_id = $user->getId();

        // The values concatenated into the statement are an MD5 hex digest (passed
        // through $db->escape()) and an integer cast, so no raw request data
        // reaches the SQL text.
        // NOTE(review): the password is stored as an unsalted MD5 digest. MD5 is
        // fast to compute and unsuitable for password storage. Moving to
        // password_hash()/password_verify() requires a matching change to
        // isPassword() and the login check, which are outside this file, plus a
        // rehash-on-login migration for existing rows.
        // NOTE(review): nothing here rotates the session id or ends other sessions
        // after the change - confirm whether the user class handles that.
        $db->query("UPDATE `" . DB_PREFIX . "user` SET password = '" . $db->escape(md5($new_pass)) . "' WHERE user_id = '" . (int)$user_id . "'");

        unset($error);
        $success = 'Password changed!';
        $item_saved = true;
    }
}

// Render page
include_once 'header.php';
?>

<script type="text/javascript"><!--
    // The Save control is an anchor rather than a submit button: cancel its
    // default navigation and post the password form instead.
    jQuery(document).ready(function () {
        var submitPasswordForm = function (clickEvent) {
            clickEvent.preventDefault();
            jQuery('#changepass_form').submit();
        };

        jQuery('#changepass_button').click(submitPasswordForm);
    });
//-->
</script>

<body>
    <div id="header">
        <div class="div1"><img style="cursor: pointer;" src="<?php echo $config['url_admin']; ?>image/logo.png" title="<?php echo $title; ?>" onclick="location = '<?php echo $config['url_admin']; ?>'" /></div>
        <?php
        // "Logged in as" banner, rendered only when a user name is available.
        // NOTE(review): $logged comes from $user->getUserName() and is echoed
        // without htmlspecialchars(). Confirm that user names are HTML-encoded
        // where they are stored or read; if they are not, a name containing markup
        // would be rendered as HTML here.
        if ($logged): ?>
            <div class="div2"><img src="<?php echo $config['url_admin']; ?>image/lock.png" alt="" style="position: relative; top: 3px;" />You are logged in as: &nbsp;<?php echo $logged; ?></div>
        <?php endif; ?>
    </div>
    
    <?php
    // Navigation bar, shown only when a user name is available. Every href and
    // label echoed here is assigned earlier in this script from
    // $config['url_admin'] and fixed strings.
    if ($logged): ?>
        <div id="menu">
            <ul class="nav left" style="display: block;">
                <li id="subscriber"><a class="top" href="<?php echo $subscriber; ?>"><?php echo $text_subscriber; ?></a></li>
                <li id="newsletter"><a class="top" href="<?php echo $newsletter; ?>"><?php echo $text_newsletter; ?></a></li>
            </ul>
            <ul class="nav right">
                <li id="edit_user" class="selected"><a class="top" href="<?php echo $edit_user; ?>"><?php echo $text_edit_user; ?></a></li>
                <li id="logout"><a class="top" href="<?php echo $logout; ?>"><?php echo $text_logout; ?></a></li>
            </ul>
        </div>
    <?php endif; ?>
    
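    <div id="content">
        <div class="breadcrumb"></div>

        <?php
        // Result banners. As assigned in this script, $error and $success are
        // fixed strings, so echoing them puts no request data into the page.
        if(isset($error)) { ?>
            <div class="warning"><?php echo $error; ?></div>
        <?php } ?>
        <?php if(isset($success)){ ?>
            <div class="success"><?php echo $success;?></div>
        <?php } ?>

        <div class="box">
            <div class="left"></div>
            <div class="right"></div>
            <div class="heading">
                <h1 style="background-image: url('<?php echo $config['url_admin']; ?>image/user.png');"><?php echo $title; ?></h1>
                <div class="buttons">
                     <?php /* Save/Cancel are hidden once the password has been changed. */ if(!$item_saved){ ?>
                        <a id="changepass_button" href="<?php echo $save; ?>" class="button"><span><?php echo $text_save; ?></span></a>
                        <a onclick="location = '<?php echo $cancel; ?>'" class="button"><span><?php echo $text_cancel; ?></span></a>
                     <?php } ?>
                </div>
            </div>

            <div class="content">
                <?php
                // The form posts back to this same script. The password inputs are
                // always rendered with an empty value, so submitted passwords are
                // never reflected into the page.
                // NOTE(review): the form carries no anti-CSRF token. The handler
                // requires the current password, which makes a forged request fail,
                // but confirm that this matches the policy for the other admin forms.
                ?>
                <form id="changepass_form" action="<?php echo $config['url_admin'] . basename(__FILE__); ?>" method="post" enctype="multipart/form-data">
                    <table class="form">
                        <tbody>
                            <?php if(!$item_saved){ ?>
                                <tr>
                                    <td><?php echo $text_current_pass; ?><span class="required">*</span></td>
                                    <td><input type="password" id="current_pass" value="" name="current_pass" style="width:300px;"></td>
                                </tr>
                                <tr>
                                    <td><?php echo $text_new_pass; ?><span class="required">*</span></td>
                                    <td><input type="password" id="new_pass" value="" name="new_pass" style="width:300px;"></td>
                                </tr>
                                <tr>
                                    <td><?php echo $text_retype_pass; ?><span class="required">*</span></td>
                                    <td><input type="password" id="retype_pass" value="" name="retype_pass" style="width:300px;"></td>
                                </tr>
                            <?php }else{ ?>
                                <tr>
                                    <td align="center" colspan="2"><a href="<?php echo $cancel; ?>"><?php echo $text_goback; ?></a></td>
                                </tr>
                            <?php } ?>
                        </tbody>
                    </table>
                    <?php
                    // This script never assigns $action, and the handler in this file
                    // does not read the submitted "action" field. The echo is guarded
                    // so that an unset variable renders as an empty value instead of
                    // putting an undefined-variable notice into the attribute.
                    // NOTE(review): if an included file sets $action from request data,
                    // it also needs HTML-attribute escaping here - confirm its origin.
                    ?>
                    <input type="hidden" id="action" name="action" value="<?php echo isset($action) ? $action : ''; ?>" />
                </form>
            </div>
        </div>
    </div>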
    
    <?php include_once 'footer.php'; ?>
</body>
</html>
